483 matches found
SAMHAIN v2.8.5 - intrusion detection system
SAMHAIN v2.8.5 - intrusion detection system The samhain open source host-based intrusion detection system HIDS provides file integrity checking and logfile monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. It has been...
Attackers Using Amazon Cloud to Host Malware
Attackers are beginning to host their malicious domains and drive-by download sites, and most recently researchers have discovered a number of domains on Amazon’s cloud platform that are being used to install malware as part of a spam and phishing campaign designed to steal banking credentials an...
TDSS Rootkit Gets Its Own Self-Replicating Loader
The group behind the TDSS rootkit has developed a new method for getting the pernicious malware onto as many machines as possible: a worm-like, self-propagating loader. The new mechanism has the ability not only to install new copies of the rootkit on PCs, but also set up its own DHCP server on a...
ZeroAccess Rootkit Latest in Line of x64 Malware to Appear
Never ones to be left behind as progress marches on, attackers are beginning to develop more and more tools aimed specifically at exploiting 64-bit machines. The latest entry into the field is an x64 version of the ZeroAccess rootkit, a nasty piece of malware that’s been circulating for some time...
New 64-Bit Rootkit Being Used to Steal Banking Credentials
Security researchers have come across a new rootkit that is designed specifically to infect 64-bit Windows systems and steal users’ online banking credentials. It’s believed to be the first piece of malware of its kind that is capable of compromising x64 systems. The new rootkit is being used by...
RKAnalyzer - kernel level rootkit analyzer !
RKAnalyzer - kernel level rootkit analyzer ! RKAnalyzer is a kernel level rootkit analyzer and defender using Hardware Virtualization Techniques, based on the BitVisor ProjectA VMM developed by Tsukuba University and open-sourced under BSD License. It tries to monitor kernel level rootkits'...
New Version of Alureon Ups the Ante on Encryption
A new version of the venerable Alureon malware has appeared, and this one includes some odd behavior designed to prevent analysis and detection by antimalware systems. However, this isn’t the typical evasion algorithm, as it uses some unusual encryption and decryption routines to make life much...
November, 2005: Sony/BMG Digital Rights Management Rootkit
Sony helped create the home entertainment industry by successfully defending the right of its customers to copy movies for personal use with the help of its Betamax technology, of course all the way to the U.S. Supreme Court. That made the debacle of the company’s decision, two decades later, to...
Microsoft Pushes Out Two New Security Tools
In parallel with its release of 17 bulletins on Patch Tuesday this month, Microsoft also unveiled two new tools that are meant to help make a couple of common exploitation scenarios more difficult for attackers. The company released a tool called Office File Validation for some older versions of...
New Chinese MBR Rootkit Identified
A new rootkit that uses the master boot record MBR to hide itself has been discovered in China and is being used to install an online game password stealer. The bootkit is installed on the computer by a trojan downloader distributed from a Chinese adult site and is detected by Kaspersky as...
Reversing Stuxnet's Rootkit Into C++ , Download !
This is the first time Mr. Amr Thabet from Egypt , student at Alexandria University Faculty of Engineering Mechanical Department , reverse a rootkit. He choose Stuxnet Rootkit as it's a famous virus and begin reversing.. Finally now he convert it into C++ code with a commented IDA Pro v.5.1...
LKM rootkit в современных Linux
В этой статье мы научимся собирать LKM-rootkit под современные ядра Linux, не смотря на то, что многие пишут, что это неактуально. Попробую опровергнуть это. В данной статье использованны вещи, доступные в паблике и некоторые мои наработки. Руткиты подразделяют на ядерные уровня ядра и неядерные...
Panda Global Protection 2010 local Dos (unfiltered wcscpy())
Exploit for windows platform in category dos / poc include include include include define SystemModuleInfo 11 / Program : Panda Global Protection 2010 3.01.00 Homepage : http://www.pandasecurity.com Discovery : 2010/04/09 Author Contacted : 2010/07/15 Status of vuln : Patched ! Found by : Heurs...
Mobile Attacks Reign at Black Hat DC
ARLINGTON, VA–A number of researchers showed off interesting new attack techniques at the Black Hat DC conference this week, including one that enables an attacker to execute malicious code on handsets over the air. Perhaps the most interesting technique discussed at the show was a novel attack...
Rootkit Being Used in Attacks on Exim Bug
Attackers have begun using the bug in the Exim mailer that was disclosed earlier this week to install a rootkit on machines running vulnerable versions of the software. The vulnerability in Exim, which is a mail transfer agent used on Unix-based machines, came to light on Monday and can result in...
TDL4 Rootkit Now Using Stuxnet Bug
The TDL4 rootkit, which reared its head last month as the latest evolution of the venerable TDSS malware family, is now using one of the Windows bugs that was first seen in use by Stuxnet. The latest modification to TDL4 enables the rootkit to use the unpatched Windows Task Scheduler vulnerabilit...
ProFTPD 1.3.3c compromised source remote root Trojan
Exploit for php platform in category remote exploits ==================================================== ProFTPD 1.3.3c compromised source remote root Trojan ==================================================== == ProFTPD Compromise Report == On Sunday, the 28th of November 2010 around 20:00 UTC...
ProFTPD 1.3.3c Trojan Source Code
== ProFTPD Compromise Report == On Sunday, the 28th of November 2010 around 20:00 UTC the main distribution server of the ProFTPD project was compromised. The attackers most likely used an unpatched security issue in the FTP daemon to gain access to the server and used their privileges to replace...
ProFTPd 1.3.3c - Compromised Source Backdoor Remote Code Execution
== ProFTPD Compromise Report == On Sunday, the 28th of November 2010 around 20:00 UTC the main distribution server of the ProFTPD project was compromised. The attackers most likely used an unpatched security issue in the FTP daemon to gain access to the server and used their privileges to replace...
ProFTPd 1.3.3c - Compromised Source Backdoor Remote Code Execution
ProFTPd 1.3.3c - Compromised Source Backdoor Remote Code Execution == ProFTPD Compromise Report == On Sunday, the 28th of November 2010 around 20:00 UTC the main distribution server of the ProFTPD project was compromised. The attackers most likely used an unpatched security issue in the FTP daemo...